diff options
Diffstat (limited to 'security/selinux/xfrm.c')
| -rw-r--r-- | security/selinux/xfrm.c | 23 |
1 files changed, 15 insertions, 8 deletions
diff --git a/security/selinux/xfrm.c b/security/selinux/xfrm.c index 928188902901..91dc3783ed94 100644 --- a/security/selinux/xfrm.c +++ b/security/selinux/xfrm.c | |||
| @@ -101,11 +101,13 @@ static int selinux_xfrm_alloc_user(struct xfrm_sec_ctx **ctxp, | |||
| 101 | ctx->ctx_len = str_len; | 101 | ctx->ctx_len = str_len; |
| 102 | memcpy(ctx->ctx_str, &uctx[1], str_len); | 102 | memcpy(ctx->ctx_str, &uctx[1], str_len); |
| 103 | ctx->ctx_str[str_len] = '\0'; | 103 | ctx->ctx_str[str_len] = '\0'; |
| 104 | rc = security_context_to_sid(ctx->ctx_str, str_len, &ctx->ctx_sid, gfp); | 104 | rc = security_context_to_sid(&selinux_state, ctx->ctx_str, str_len, |
| 105 | &ctx->ctx_sid, gfp); | ||
| 105 | if (rc) | 106 | if (rc) |
| 106 | goto err; | 107 | goto err; |
| 107 | 108 | ||
| 108 | rc = avc_has_perm(tsec->sid, ctx->ctx_sid, | 109 | rc = avc_has_perm(&selinux_state, |
| 110 | tsec->sid, ctx->ctx_sid, | ||
| 109 | SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, NULL); | 111 | SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, NULL); |
| 110 | if (rc) | 112 | if (rc) |
| 111 | goto err; | 113 | goto err; |
| @@ -141,7 +143,8 @@ static int selinux_xfrm_delete(struct xfrm_sec_ctx *ctx) | |||
| 141 | if (!ctx) | 143 | if (!ctx) |
| 142 | return 0; | 144 | return 0; |
| 143 | 145 | ||
| 144 | return avc_has_perm(tsec->sid, ctx->ctx_sid, | 146 | return avc_has_perm(&selinux_state, |
| 147 | tsec->sid, ctx->ctx_sid, | ||
| 145 | SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, | 148 | SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, |
| 146 | NULL); | 149 | NULL); |
| 147 | } | 150 | } |
| @@ -163,7 +166,8 @@ int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir) | |||
| 163 | if (!selinux_authorizable_ctx(ctx)) | 166 | if (!selinux_authorizable_ctx(ctx)) |
| 164 | return -EINVAL; | 167 | return -EINVAL; |
| 165 | 168 | ||
| 166 | rc = avc_has_perm(fl_secid, ctx->ctx_sid, | 169 | rc = avc_has_perm(&selinux_state, |
| 170 | fl_secid, ctx->ctx_sid, | ||
| 167 | SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, NULL); | 171 | SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, NULL); |
| 168 | return (rc == -EACCES ? -ESRCH : rc); | 172 | return (rc == -EACCES ? -ESRCH : rc); |
| 169 | } | 173 | } |
| @@ -202,7 +206,8 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, | |||
| 202 | /* We don't need a separate SA Vs. policy polmatch check since the SA | 206 | /* We don't need a separate SA Vs. policy polmatch check since the SA |
| 203 | * is now of the same label as the flow and a flow Vs. policy polmatch | 207 | * is now of the same label as the flow and a flow Vs. policy polmatch |
| 204 | * check had already happened in selinux_xfrm_policy_lookup() above. */ | 208 | * check had already happened in selinux_xfrm_policy_lookup() above. */ |
| 205 | return (avc_has_perm(fl->flowi_secid, state_sid, | 209 | return (avc_has_perm(&selinux_state, |
| 210 | fl->flowi_secid, state_sid, | ||
| 206 | SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, | 211 | SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, |
| 207 | NULL) ? 0 : 1); | 212 | NULL) ? 0 : 1); |
| 208 | } | 213 | } |
| @@ -352,7 +357,8 @@ int selinux_xfrm_state_alloc_acquire(struct xfrm_state *x, | |||
| 352 | if (secid == 0) | 357 | if (secid == 0) |
| 353 | return -EINVAL; | 358 | return -EINVAL; |
| 354 | 359 | ||
| 355 | rc = security_sid_to_context(secid, &ctx_str, &str_len); | 360 | rc = security_sid_to_context(&selinux_state, secid, &ctx_str, |
| 361 | &str_len); | ||
| 356 | if (rc) | 362 | if (rc) |
| 357 | return rc; | 363 | return rc; |
| 358 | 364 | ||
| @@ -420,7 +426,8 @@ int selinux_xfrm_sock_rcv_skb(u32 sk_sid, struct sk_buff *skb, | |||
| 420 | /* This check even when there's no association involved is intended, | 426 | /* This check even when there's no association involved is intended, |
| 421 | * according to Trent Jaeger, to make sure a process can't engage in | 427 | * according to Trent Jaeger, to make sure a process can't engage in |
| 422 | * non-IPsec communication unless explicitly allowed by policy. */ | 428 | * non-IPsec communication unless explicitly allowed by policy. */ |
| 423 | return avc_has_perm(sk_sid, peer_sid, | 429 | return avc_has_perm(&selinux_state, |
| 430 | sk_sid, peer_sid, | ||
| 424 | SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, ad); | 431 | SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, ad); |
| 425 | } | 432 | } |
| 426 | 433 | ||
| @@ -463,6 +470,6 @@ int selinux_xfrm_postroute_last(u32 sk_sid, struct sk_buff *skb, | |||
| 463 | /* This check even when there's no association involved is intended, | 470 | /* This check even when there's no association involved is intended, |
| 464 | * according to Trent Jaeger, to make sure a process can't engage in | 471 | * according to Trent Jaeger, to make sure a process can't engage in |
| 465 | * non-IPsec communication unless explicitly allowed by policy. */ | 472 | * non-IPsec communication unless explicitly allowed by policy. */ |
| 466 | return avc_has_perm(sk_sid, SECINITSID_UNLABELED, | 473 | return avc_has_perm(&selinux_state, sk_sid, SECINITSID_UNLABELED, |
| 467 | SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, ad); | 474 | SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, ad); |
| 468 | } | 475 | } |